Get suppressions affecting a specific rule

v2 (latest)

GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id}https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id}https://api.datadoghq.eu/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id}https://api.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id}https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id}https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id}https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id}https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules/{rule_id}

Overview

Get the list of suppressions that affect a specific existing rule by its ID.

OAuth apps require the security_monitoring_suppressions_read authorization scope to access this endpoint.

Arguments

Path Parameters

Name

Type

Description

rule_id [required]

string

The ID of the rule.

Response

Response object containing the available suppression rules.

Expand All

Field

Type

Description

data

[object]

A list of suppressions objects.

{
  "data": [
    {
      "attributes": {
        "creation_date": "integer",
        "creator": {
          "handle": "john.doe@datadoghq.com",
          "name": "John Doe"
        },
        "data_exclusion_query": "source:cloudtrail account_id:12345",
        "description": "This rule suppresses low-severity signals in staging environments.",
        "editable": true,
        "enabled": true,
        "expiration_date": 1703187336000,
        "name": "Custom suppression",
        "rule_query": "type:log_detection source:cloudtrail",
        "start_date": 1703187336000,
        "suppression_query": "env:staging status:low",
        "tags": [
          "technique:T1110-brute-force",
          "source:cloudtrail"
        ],
        "update_date": "integer",
        "updater": {
          "handle": "john.doe@datadoghq.com",
          "name": "John Doe"
        },
        "version": 42
      },
      "id": "3dd-0uc-h1s",
      "type": "suppressions"
    }
  ]
}

Not Authorized

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Too many requests

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example

                  # Path parameters
export rule_id="CHANGE_ME"
# Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.us2.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/rules/${rule_id}" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

                

"""
Get suppressions affecting a specific rule returns "OK" response
"""

from os import environ
from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi

# there is a valid "security_rule" in the system
SECURITY_RULE_ID = environ["SECURITY_RULE_ID"]

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.get_suppressions_affecting_rule(
        rule_id=SECURITY_RULE_ID,
    )

    print(response)

Instructions

First install the library and its dependencies and then save the example to example.py and run following commands:

    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"

# Get suppressions affecting a specific rule returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

# there is a valid "security_rule" in the system
SECURITY_RULE_ID = ENV["SECURITY_RULE_ID"]
p api_instance.get_suppressions_affecting_rule(SECURITY_RULE_ID)

Instructions

First install the library and its dependencies and then save the example to example.rb and run following commands:

    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"

// Get suppressions affecting a specific rule returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	// there is a valid "security_rule" in the system
	SecurityRuleID := os.Getenv("SECURITY_RULE_ID")

	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.GetSuppressionsAffectingRule(ctx, SecurityRuleID)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.GetSuppressionsAffectingRule`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.GetSuppressionsAffectingRule`:\n%s\n", responseContent)
}

Instructions

First install the library and its dependencies and then save the example to main.go and run following commands:

    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"

// Get suppressions affecting a specific rule returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringSuppressionsResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    // there is a valid "security_rule" in the system
    String SECURITY_RULE_ID = System.getenv("SECURITY_RULE_ID");

    try {
      SecurityMonitoringSuppressionsResponse result =
          apiInstance.getSuppressionsAffectingRule(SECURITY_RULE_ID);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#getSuppressionsAffectingRule");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Instructions

First install the library and its dependencies and then save the example to Example.java and run following commands:

    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"

// Get suppressions affecting a specific rule returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;

#[tokio::main]
async fn main() {
    // there is a valid "security_rule" in the system
    let security_rule_id = std::env::var("SECURITY_RULE_ID").unwrap();
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .get_suppressions_affecting_rule(security_rule_id.clone())
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}

Instructions

First install the library and its dependencies and then save the example to src/main.rs and run following commands:

    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run

/**
 * Get suppressions affecting a specific rule returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.SecurityMonitoringApi(configuration);

// there is a valid "security_rule" in the system
const SECURITY_RULE_ID = process.env.SECURITY_RULE_ID as string;

const params: v2.SecurityMonitoringApiGetSuppressionsAffectingRuleRequest = {
  ruleId: SECURITY_RULE_ID,
};

apiInstance
  .getSuppressionsAffectingRule(params)
  .then((data: v2.SecurityMonitoringSuppressionsResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));

Instructions

First install the library and its dependencies and then save the example to example.ts and run following commands:

    DD_SITE="datadoghq.comus3.datadoghq.comus5.datadoghq.comdatadoghq.euap1.datadoghq.comap2.datadoghq.comddog-gov.comus2.ddog-gov.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"

Get suppressions affecting a specific rule

Overview

Arguments

Path Parameters

Response

Code Example

Get suppressions affecting a specific rule

Get suppressions affecting a specific rule

Instructions

Get suppressions affecting a specific rule

Instructions

Get suppressions affecting a specific rule

Instructions

Get suppressions affecting a specific rule

Instructions

Get suppressions affecting a specific rule

Instructions

Get suppressions affecting a specific rule

Instructions

How can I help you today?